Tackling Cyberattacks on Government with DNS Security

Cyberattacks spare no industry. One popular target for hackers is the Domain Name System (DNS), which can easily be exploited without adequate security measures due to its openness. DNS attacks within the government sphere are particularly dangerous: since governments and their institutions handle extensive amounts of highly sensitive personal information (such as voter and tax data), the repercussions of an attack are vast, making DNS security measures to prevent damages a critical component of any government’s digital infrastructure.

With governments across the globe increasing their efforts to digitize administrative processes, move functions to the cloud and offer new digital services to the public, citizens need extra assurance that their personal data remains protected. But with a growing volume of government data from local and national government agencies moving to cyberspace, as well as an expansion of digital infrastructures in the public sector, the vulnerability to cyberattacks in the public sector is also increasing.

Governments face far reaching damages from DNS attacks

As the 2020 Global DNS Threat Report published by EfficientIP and IDC reveals, cyberattacks on government organizations result in reputational damages and significant financial losses. In fact, more than three quarters of government organizations (78%) fell victim to DNS attacks last year, and financial damages have risen 14% to an average of $636K per attack; one in five respondents of the government sectors surveyed experienced more than 10 attacks a year.

It is particularly striking that, on average, government organizations are more vulnerable to certain DNS attack types than companies in other sectors: 42% of respondents reported DNS-based malware attacks and 24% reported lock-up domain attacks, while 22% reported cloud instance misconfiguration abuse. Almost one-third of government agencies surveyed also stated they had experienced a Distributed Denial of Service (DDoS) attack, which can cause widespread disruption of local and central government’s network traffic as well as significant website and application downtime.

Attacks have a variety of impacts. In the Threat Report, 62% of government organizations surveyed reported application downtime. Fully half experienced cloud service downtime. One in eight organizations reported data theft.

Beyond system impacts, the consequences of such attacks can be far-reaching, and even deadly. A recent example showcases this: in October 2020 a DDoS attack made the headlines when it prevented the Robert Koch Institute (RKI), Germany’s national institute for disease control, from publishing its latest numbers on coronavirus cases. By delaying the entire country’s coronavirus response for several hours, the DDoS attack caused severe damage in Germany’s efforts to contain the spread of COVID-19.

Bolstering network resistance for nationwide safety

Luckily, there are ways to protect government institutions from the growing DNS threat. Several countermeasures have proven their effectiveness, however not all of them are without their own consequences. For example, of the institutions surveyed in the DNS Threat Report, 53% temporarily shut down specific affected processes and connections, and 47% disabled some or all affected applications. While these measures can help stop an attack in the moment, they also shut down business temporarily or lock users out of systems they need. It took these organizations almost 5 hours on average to mitigate an attack—a long time for government workers and staff attempting to access vital apps and services needed to serve the public.

To better safeguard apps, users and data integrity, government entities should implement a Zero Trust strategy. This helps prevent data breaches through DNS by using strict access controls and assuming that anyone on the network is not to be trusted, requiring verification before granting access to resources. There is room to grow in government organizations’ reliance on Zero Trust: nearly 35% of those surveyed have not yet explored the option, and only 13% have piloted it. Encouragingly though, 38% do plan on implementing it as part of their security solutions.

The DNS Threat Report does show that governments are using other methods to safeguard against attacks: currently 25% of government institutions surveyed in the Threat Report see analysis and monitoring of DNS traffic as their top priority for protecting data confidentiality, which ultimately also helps fight ransomware. Four out of five institutions also make use of DNS domain filtering, and 47% have recognized the value of DNS security event information, which they are sending to SIEM solutions to help their SOC (Security Operations Center) simplify and accelerate threat remediation.

Overcoming firewall security holes and preventing breach fatigue

EfficientIP’s DNS Guardian can assist with protection of government systems. By monitoring transactions at the core of the DNS server, DNS Guardian enhances threat visibility. This is a highly useful tool, since nearly all connections are initiated through a DNS request. Unusual activities can therefore be picked up early, mitigating the threat of an attack in advance of it becoming more severe. DNS traffic analysis is also essential when it comes to protecting against data exfiltration via DNS. Information is frequently hidden in normal network traffic, so often goes undetected by firewalls. DNS Guardian can also help in reducing costs and avoiding breach fatigue by enabling actionable data to be passed onto SIEMs and SOCs, rather than huge volumes of DNS logs.

Government security can be bolstered via EfficientIP’s DNS Firewall as well, which makes use of DNS query filtering and dynamic threat intelligence feeds to help prevent connected devices from becoming infected with malware and to block their activity in case of an infection. The combination of DNS Guardian and DNS Firewall significantly boosts institutions’ resilience by detecting threats as early as possible in the kill chain, thus preventing malware from spreading across the network.

Governments are increasingly realizing that DNS breaches can literally put people’s lives at risk. This is especially true during seasons of increased pressure on government institutions, such as during an election or during a worldwide pandemic. That should be incentive enough to put DNS security at the core of every government institution’s security endeavors.